class GSecurityFilters {
    def filters = {
        all(controller: '*', action: '*') {
            before = {

		def controllerUCase = controllerName[0].toUpperCase() + controllerName[1..-1] + "Controller"
		def controller = applicationContext.getBean(controllerUCase);

		try {
/**
 * try to get the static roleAccess map from the currently requested controller
 * we put this in a try/catch block, because the controller might not have a roleAccess map
 * if it doesn't we will catch the exception, and just automatically return true.
 * the thinking here is that if a controller author hasn't delcared ANY roleAccess 
 * then there's no need for any access logic on it.  This could be turned on its head
 * to deny all requests without explicit roleAccess maps, just by changing the return true
 * to return false, but it's not being handled that way to start.
 *
 * We then get the current list of roles for the user object in the session.  
 * If there's no user object in the session, we should just return false and be done.
 *
 */
                    def roleAccess = controller?.roleAccess

                    def actionToCheck = actionName

                    if (actionToCheck == null ) { 
                        actionToCheck = 'index' 
                    }


                    //def userRoles = ["author","admin"]
                    if (session.user == null) { 
                            session.user = new Guser();
                    }

//                    def userRoles = session.user?.getRoleList()
                    def userRoles = session.user?.roles
print "user roles = " + userRoles

                    def requiredRoles = [:]

                    def hasRequiredRole = false;

                    roleAccess.each { accessRule ->
                            if(accessRule.action.contains(actionToCheck) || accessRule.action.contains('*') ) {
                                    accessRule.roles.each{ tempRole->
println "===="
println userRoles
println "=="
println tempRole
println "--"
                                            if( tempRole.toString() == '*' ) {  
                                                    hasRequiredRole = true;			
						} else { 
						if(userRoles instanceof Collection) { 
							if(userRoles?.intersect(Grole.findByName(tempRole))) { 
                                                    		hasRequiredRole = true;			
							}
						} else {
							if(userRoles instanceof Grole) { 
								if(userRoles==Grole.findByName(tempRole)) { 
									hasRequiredRole = true;			
								}
							}
						}
/**
* @todo
* need break/continue in here to get out of loop faster!
*/

                                            }
                                    }
                            }
                    }
                    if(hasRequiredRole) { 
                            return true;
                    } else {
                            session.gk = [
                                redirectTo: [
                                    action:actionName, 
                                    controller: controllerName
                                    ],
                                ]
                            flash.permissionMessage = "You do not have permission to view this area"
                                
                            redirect(grailsApplication.config.noPermissionRedirect)
                            return false
                    }

		} catch(e) {
                    println e
                    println 'exception in security filter!'
                    return true
		}
            }
        }
    }
}
